Commits · master · tails / tails

15 Oct, 2021 1 commit
- Bullseye: refresh a bunch of fuzzy patches. · 5f93bd26
  anonym authored Oct 14, 2021
  
  5f93bd26
11 Jul, 2019 2 commits

Translated using Weblate (Portuguese) · fc87cf82

emmapeel authored Jul 11, 2019

Currently translated at 17.7% (11 of 62 strings)

Translation: Tails/wiki/src/news/version_3.14.1.*.po
Translate-URL: http://translate.tails.boum.org/projects/tails/wikisrcnewsversion_3141po/pt/

fc87cf82

Translated using Weblate (Italian) · 179e0bda

emmapeel authored Jul 11, 2019

Currently translated at 39.0% (16 of 41 strings)

Translation: Tails/wiki/src/news/version_3.11.*.po
Translate-URL: http://translate.tails.boum.org/projects/tails/wikisrcnewsversion_311po/it/

179e0bda

02 Apr, 2019 1 commit

Refresh patch (refs: #16414 ) · 242f0e43

intrigeri authored Apr 02, 2019

apparmor 2.13.2-10 updated abstractions/base in a way that conflicts
with the tweaks we do there to support AppArmor aliases.

242f0e43

05 Jan, 2019 2 commits

Refresh patch (refs: #15477 ) · 60cfde6b
intrigeri authored Jan 05, 2019

60cfde6b

Revert incomplete and partly broken attempt to adjust to live-boot 1:20180328+ (refs: #15477 ) · f365b9bf

intrigeri authored Jan 05, 2019

I've uploaded Stretch's live-boot to our feature-buster APT overlay suite.
Let's install it and postpone finishing these adjustments. Accordingly, let's
revert our code to a state suitable for Stretch's live-boot.

This reverts commits 016e53e9,
4377f177,
99a01f8a,
df3c2dea,
928c868e
and 8b452697.

f365b9bf

05 Nov, 2018 1 commit
- Unfuzzy apparmor-aliases.diff patch. · 0b245683
  Cyril Brulebois authored Nov 05, 2018
  
  0b245683
29 Aug, 2018 1 commit
- it looks like upstream do not access ld.so.cache anymore, so removing. · 4960ef9e
  Sandro Knauß authored Aug 26, 2018
  
  4960ef9e
14 Aug, 2018 1 commit

AppArmor: allow /etc/ld.so.conf and friends in the "base" abstraction. · 66fcc833

intrigeri authored Aug 14, 2018

Thunderbird 60 needs access there and who knows what might break
in surprising, hard to debug ways, if we block it.

Backport from upstream commit 6d22c871bfb17da7620efab4ad5c41960d1efd41,
first released in Debian via apparmor 2.13-1.

66fcc833

03 Jun, 2018 1 commit
- Remove AppArmor profile customization that's not needed with current live-boot (refs: #15477) · 4377f177
  intrigeri authored Jun 03, 2018
```
The /lib/** kind of rules don't conflict anymore with the ones generated
due to the AppArmor aliases we set up to support /run/live/*.
```
  4377f177
10 Mar, 2018 1 commit
- Unfuzzy patch. · 60b8b865
  intrigeri authored Mar 10, 2018
  
  60b8b865
20 Feb, 2018 1 commit
- Unfuzzy patch. · bb948e06
  intrigeri authored Feb 20, 2018
  
  bb948e06
16 Nov, 2017 1 commit
- Unfuzzy patch. · d4b08ff7
  intrigeri authored Nov 16, 2017
  
  d4b08ff7
05 Oct, 2017 1 commit
- Refresh patches for versions in Debian Buster. · 07cbc6ba
  anonym authored Oct 05, 2017
  
  07cbc6ba
04 Jan, 2017 2 commits
- Move AppArmor aliases to a dedicated file, and include it. · fabdf938
  intrigeri authored Jan 02, 2017
```
This will avoid maintaining these settings as a patch.
```
  fabdf938
- Refresh patch to apply on current Stretch. · 6f81de7c
  intrigeri authored Jan 02, 2017
  
  6f81de7c
02 Jan, 2017 1 commit
- AppArmor: drop alias that's irrelevant with overlayfs. · 5f1e7d02
  intrigeri authored Jan 02, 2017
  
  5f1e7d02
01 Jan, 2017 1 commit
- AppArmor: add an alias that covers the overlayfs read-write branch. · 59a9d8a7
  intrigeri authored Jan 01, 2017
```
Refs: #8415
```
  59a9d8a7
08 Dec, 2016 2 commits
- Fix previous commit. · 8dbb82ad
  intrigeri authored Dec 08, 2016
  
  8dbb82ad
- AppArmor: allow all programs to read /etc/tor/torsocks.conf via abstractions/base. · 22e20207
  intrigeri authored Dec 08, 2016
```
This avoids having to maintain this as part of e.g. the Totem profile.
I expect more profiles will need it at some point anyway.
```
  22e20207
22 Jul, 2016 1 commit
- Unfuzzy apparmor-aliases.diff to apply on top of AppArmor 2.10.95-4. · 9a97dc5b
  intrigeri authored Jul 22, 2016
  
  9a97dc5b
17 Jan, 2016 1 commit
- Unfuzzy a couple patches for Stretch. · 1dff6eb3
  intrigeri authored Jan 17, 2016
  
  1dff6eb3
06 Jun, 2015 1 commit

Update AppArmor aliases adjustments to work with AppArmor 2.9. · 0a50f827

intrigeri authored Jun 06, 2015

It is quite a bit more picky and failed to load profiles with:

  profile has merged rule with conflicting x modifiers
  ERROR processing regexs for profile sanitized_helper, failed to load

Looking at it closely, one realizes that it's totally correct, and our previous
adjustments were incomplete.

This change includes re-diff'ing so that this patch applies cleanly against
the profiles shipped by apparmor 2.9.0-3~bpo70+1 (uploaded to our APT overlay
for this branch, but not to Debian yet).

0a50f827

04 Jun, 2015 1 commit

Make the AppArmor alias for /lib/live/mount/rootfs/filesystem.squashfs/ more... · f0d2d01d

intrigeri authored Jun 04, 2015

Make the AppArmor alias for /lib/live/mount/rootfs/filesystem.squashfs/ more generic, so that it covers SquashFS installed by automatic upgrades as well.

f0d2d01d

03 Jun, 2015 1 commit

Use aliases so that our AppArmor policy applies to /lib/live/mount/overlay/... · 6e48b6d6

intrigeri authored Jun 03, 2015

Use aliases so that our AppArmor policy applies to /lib/live/mount/overlay/ and /lib/live/mount/rootfs/filesystem.squashfs/ as well as to it applies to /.

That's something I wanted to avoid initially, for various reasons that are
explained already in [[contribute/design/application_isolation]]. However, now
that /lib/live/mount/overlay/ is accessible, I see no better way to protect
files accessed via this path as well as the same files accessed by
"normal" paths.

These changes are likely to increase policy compilation time a bit, benchmarking
will tell. If that's too severe a problem, we have a few potential ways out,
that are already documented in the "Increased policy compilation time" section
of the aforementioned piece of design doc.

6e48b6d6